EP3968596A1 - Control method, apparatus and system - Google Patents

Control method, apparatus and system

Publication number
EP3968596A1
Authority
EP
European Patent Office
Prior art keywords
home hub
identity credential
key information
control device
iot
Legal status
Granted
Application number
EP20886524.6A
Other languages
English (en)
French (fr)
Other versions
EP3968596A4 (de)
EP3968596B1 (de)
Inventor
Lu Gan
Xiaoshuang Ma
Jianhao HUANG
Chao He
Current Assignee
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Publication of EP3968596A1
Publication of EP3968596A4
Application granted
Publication of EP3968596B1
Legal status: Active

Classifications

    All H04L entries sit under H (Electricity) > H04 (Electric communication technique) > H04L (Transmission of digital information, e.g. telegraphic communication); all G06F entries sit under G (Physics) > G06 (Computing or calculating; counting) > G06F (Electric digital data processing).
    • H04L 63/0442: Network security; confidential data exchange among entities communicating through data packet networks, with the payload protected by encryption or encapsulation, where the sending and receiving entities apply asymmetric encryption (different keys for encryption and decryption)
    • H04L 63/083: Network security; authentication of entities using passwords
    • G06F 21/33: Security arrangements; user authentication using certificates
    • G06F 21/44: Security arrangements; program or device authentication
    • G06F 21/53: Monitoring users, programs or devices to maintain platform integrity during program execution, by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • H04L 63/0407: Network security; confidential data exchange where the identity of one or more communicating identities is hidden
    • H04L 63/062: Network security; key management in a packet data network, for key distribution, e.g. centrally by a trusted party
    • H04L 63/08: Network security; authentication of entities
    • H04L 63/0823: Network security; authentication of entities using certificates
    • H04L 63/10: Network security; controlling access to devices or network resources
    • H04L 63/18: Network security; using different networks or channels, e.g. out-of-band channels
    • H04L 67/125: Protocols for special-purpose networking environments (e.g. medical, sensor, vehicle or remote metering networks) involving control of end-device applications over a network
    • H04L 9/0844: Key agreement involving Diffie-Hellman or related protocols with user or key authentication, e.g. ElGamal, MTI, MQV (Menezes-Qu-Vanstone) or Diffie-Hellman protocols using implicitly-certified keys
    • H04L 9/0863: Generation of secret information including derivation of cryptographic keys or passwords, involving passwords or one-time passwords
    • H04L 2463/062: Additional details of network security covered by H04L 63/00; applying encryption of the keys

Definitions

  • the present invention relates to the field of internet of things technologies, and in particular, to a control method, apparatus, and system.
  • an internet of things (internet of things, IoT) solution includes an IoT device and an IoT application that is used to control the IoT device.
  • an IoT application may be an APP.
  • a control device loaded with the IoT application is directly connected to an IoT device by using a communications technology such as wireless-fidelity (wireless-fidelity, Wi-Fi), Zigbee, or Bluetooth low energy (Bluetooth low energy, BLE), or forwards, through an IoT cloud, a control message to an IoT device that can be directly connected to the internet.
  • a home hub (usually a permanently home-mounted device, such as a television, a sound box, a router, or an IoT gateway) is added.
  • the home hub is locally connected to the IoT device by using the communications technology such as Wi-Fi, Zigbee, or BLE, and then is connected to the control device through near field or remote communication.
  • the IoT device is isolated from the public network, reducing the risk that the IoT device is attacked.
  • the control device and the home hub establish a near-end secure channel by using a PAKE (password-authenticated key exchange) protocol, and the control device then sends to the home hub, through this channel, the public-private key pair used to control the IoT device, so that the home hub can use the identity of the control device as a proxy to control the IoT device.
  • terminal vendors construct, based on a secure element (SE) and a trusted execution environment (TEE), security capabilities (such as fingerprint recognition, password processing, data encryption and decryption, and security authentication) on their own terminal devices, so that the terminal devices can securely implement functions such as mobile payment and fingerprint unlocking, and isolate sensitive operations at the level of the program execution environment, so that private data and sensitive operations cannot be compromised.
  • These terminal vendors are also IoT solution providers.
  • These terminal vendors have their own TEE platforms and can construct, on their own terminals, hardware-based control devices for IoT devices, to further improve IoT security.
  • none of these providers open the TEE platform to a third-party IoT application vendor.
  • When the IoT application is installed on a control device of the same vendor brand as the home hub, the control device generates a set of identity credentials (such as a public-private key pair) for pairing during the connection process with the home hub.
  • When the IoT application is installed on a control device of a different vendor brand from the home hub, the third-party brand control device has no SE-based protection capability. If that device still uses the foregoing set of identity credentials, a key in the credentials may be extracted from the third-party brand control device. Therefore, using the same identity credential across control devices of different vendor brands poses a great risk.
  • embodiments of this application provide an identity permission escalation method, apparatus, and system.
  • this application provides a control method, where a first device and a home hub have a same trusted execution environment TEE platform, a second device and the home hub have different TEE platforms, and the method includes:
  • the second device sends an identity credential of the second device and public key information of an identity credential of the first device to the home hub, where the identity credential of the second device includes public key information of the second device and private key information of the second device; the home hub controls at least one IoT device based on the identity credential of the second device; the first device sends private key information of the identity credential of the first device to the home hub; and the home hub controls the at least one IoT device based on the identity credential that is of the first device and that is formed by the public key information of the first device and the private key information of the first device.
  • the second device configures a set of identity credential in the home hub, so that the second device is bound to the home hub and controls the IoT device through the home hub.
  • the first device configures another set of identity credential in the home hub, so that the first device controls the IoT device through the home hub.
  • the home hub preferably uses the identity credential of the first device, which carries a higher permission, so that the first device controls the IoT device; this elevates the control permission available to the home hub.
  • In the method, before the home hub receives the identity credential of the second device and the public key information of the identity credential of the first device that are sent by the second device, the method further includes: The second device initiates a PAKE protocol negotiation with the home hub, and the home hub then establishes a secure encrypted channel with the second device. That the home hub receives the identity credential of the second device and the public key information of the identity credential of the first device that are sent by the second device includes: The second device sends, through the secure encrypted channel, the encrypted identity credential of the second device and the encrypted public key information of the identity credential of the first device to the home hub.
  • a secure channel is established with the home hub, to protect security of sending information between the second device and the home hub.
  • the method further includes: The home hub decrypts the identity credential of the second device and the public key information of the identity credential of the first device, and then stores, in a secure storage unit in the home hub, the identity credential of the second device and the public key information of the identity credential of the first device that are decrypted.
  • Because the secure storage unit is tamper-resistant, the received identity credential of the second device and public key information of the first device are stored in the secure storage unit to ensure that the data is not tampered with.
  • In the method, before the home hub receives the private key information of the identity credential of the first device that is sent by the first device, the method further includes: The first device initiates an STS (station-to-station) protocol negotiation with the home hub.
  • the home hub attempts to verify the identity of the first device by using the public key information of the identity credential of the first device that was received from the second device. Only if the home hub verifies that the first device is the device corresponding to that public key information does it accept the private key information that follows.
  • the method further includes: decrypting the private key information of the first device, and then storing the decrypted private key information in a secure storage unit in the home hub.
  • this application provides a control apparatus, and the apparatus performs any one of the embodiments that may be implemented in the first aspect.
  • this application provides a control method, where a first device and a home hub have a same trusted execution environment TEE platform, a second device and the home hub have different TEE platforms, and the method includes:
  • the first device sends an identity credential of the first device and an identity credential of the second device to the home hub, or sends the identity credential of the first device and public key information of the identity credential of the second device to the home hub.
  • the identity credential includes public key information and private key information.
  • the home hub controls at least one IoT device based on the identity credential of the first device.
  • the first device configures a set of identity credential in the home hub, so that the first device is bound to the home hub and controls the IoT device through the home hub.
  • the second device configures another set of identity credential in the home hub, so that the second device controls some special IoT devices through the home hub.
  • In the method, before the home hub receives the identity credential of the first device, together with the identity credential of the second device or the public key information of the identity credential of the second device, that are sent by the first device, the method further includes: After the first device initiates a PAKE protocol negotiation with the home hub, the home hub establishes a secure encrypted channel with the first device.
  • That the home hub receives the identity credential of the first device, and the identity credential of the second device or the public key information of the identity credential of the second device that are sent by the first device includes: The first device sends, through the secure encrypted channel to the home hub, the identity credential of the first device and the identity credential of the second device that are encrypted, or the identity credential of the first device and the public key information of the identity credential of the second device that are encrypted.
  • a secure channel is established with the home hub, to protect security of information sent between the first device and the home hub.
  • the method further includes: The home hub decrypts the identity credential of the first device and the identity credential of the second device, or the identity credential of the first device and the public key information of the identity credential of the second device, and then stores, in a secure storage unit in the home hub, the identity credential of the first device and the identity credential of the second device, or the identity credential of the first device and the public key information of the identity credential of the second device that are decrypted.
  • Because the secure storage unit is tamper-resistant, the received identity credential of the first device and the identity credential (or public key information) of the second device are stored in the secure storage unit to ensure that the data is not tampered with.
  • In the method, when the home hub receives the identity credential of the first device and the public key information of the identity credential of the second device that are sent by the first device, the method further includes: The second device sends the private key information of the identity credential of the second device to the home hub; and the home hub controls the at least one IoT device based on the identity credential of the second device, which is formed by the public key information of the second device and the private key information of the second device.
  • when the identity credential of the first device and only the public key information of the second device are received, the home hub holds only the public key information of the second device. Therefore, the private key information of the second device is additionally required to form the complete identity credential of the second device.
  • In the method, before the home hub receives the private key information of the identity credential of the second device that is sent by the second device, the method further includes: The second device initiates an STS protocol negotiation with the home hub.
  • the home hub attempts to verify the identity of the second device by using the public key information of the identity credential of the second device that was received from the first device. Only if the home hub verifies that the second device is the device corresponding to that public key information does the exchange continue.
  • the home hub establishes a secure encrypted channel with the second device. That the home hub receives the private key information that is of the identity credential of the second device and that is sent by the second device includes: The second device sends, through the secure encrypted channel, the encrypted private key information of the identity credential of the second device to the home hub.
  • the method further includes: decrypting the private key information of the second device, and then storing the decrypted private key information in a secure storage unit in the home hub.
  • this application provides a control apparatus, and the apparatus performs any one of the embodiments that may be implemented in the third aspect.
  • this application provides an electronic device, including a transceiver, a processor, and a memory.
  • the transceiver is configured to receive and send data;
  • the memory stores one or more programs, the one or more programs include instructions, and when the instructions are executed by the processor, the electronic device is enabled to perform any one of the embodiments that may be implemented in the first aspect or any one of the embodiments that may be implemented in the third aspect.
  • this application provides an identity permission escalation system, including a first device, a home hub, and at least one IoT device.
  • the first device and the home hub have a same trusted execution environment TEE platform.
  • the second device initiates a secure channel establishment protocol with the home hub, and the home hub establishes a secure channel with the second device.
  • the second device and the home hub have different trusted execution environment TEE platforms.
  • the secure channel establishment protocol is initiated with the home hub when the second device logs in to an IoT application program for the first time.
  • the IoT application program is used to control the home hub and the at least one IoT device.
  • the second device sends, through the secure channel to the home hub, an identity credential of the second device and public key information of an identity credential of the first device.
  • the home hub controls the at least one IoT device based on the received identity credential of the second device.
  • the first device logs in to the IoT application program.
  • the home hub attempts to verify an identity of the first device based on the received public key information of the identity credential of the first device, and after confirming the identity of the first device, the home hub receives private key information that is of the identity credential of the first device and that is sent by the first device.
  • the home hub controls the at least one IoT device based on the identity credential of the first device.
  • the identity credential of the first device includes the public key information of the identity credential of the first device and the private key information of the identity credential of the first device.
  • that the home hub controls the at least one IoT device based on the identity credential of the second device or the identity credential of the first device includes: After receiving a control instruction sent by the second device or the first device, the home hub controls the at least one IoT device based on the identity credential of the second device or the identity credential of the first device and according to the control instruction.
  • this application provides an identity permission escalation system, including a first device, a home hub, and at least one IoT device.
  • the first device and the home hub have a same trusted execution environment TEE platform.
  • when the first device logs in to an IoT application program for the first time, the first device initiates a secure channel establishment protocol with the home hub.
  • the home hub establishes, according to the received secure channel establishment protocol, a secure channel with the first device.
  • the first device sends, through the secure channel to the home hub, an identity credential of the first device and an identity credential of the second device.
  • the second device and the home hub have different TEE platforms.
  • the home hub controls the at least one IoT device based on the received identity credential of the first device.
  • When the second device logs in to the IoT application program, the home hub attempts to verify the identity of the second device based on the received public key information of the identity credential of the second device, and after confirming the identity of the second device, the home hub controls the at least one IoT device based on the identity credential of the second device.
  • that the home hub controls the IoT device based on the identity credential of the first device or the identity credential of the second device includes: After receiving a control instruction sent by the first device or the second device, the home hub controls the at least one IoT device based on the identity credential of the first device or the identity credential of the second device and according to the control instruction.
  • this application provides a readable storage medium, configured to store instructions. When the instructions are executed, any one of the embodiments that may be implemented in the first aspect or any one of the embodiments that may be implemented in the third aspect is implemented.
  • this application provides a computer program product including instructions. When the instructions are run on a terminal, the terminal is enabled to perform any embodiment that may be implemented in the first aspect or any embodiment that may be implemented in the third aspect.
  • FIG. 1 is a schematic structural diagram of an identity permission escalation system according to an embodiment of this application.
  • the system provided in this application includes a control device 10, a control device 20, a home hub 30, and N IoT devices 40.
  • the home hub 30 is connected to each IoT device 40 by using a near field communications technology such as Wi-Fi, Zigbee, or BLE, and is connected to the control device 10 and the control device 20 by using a near field or remote communications technology.
  • the control device 10 is deployed (installed) with an IoT application program used to control the home hub 30 and the IoT device 40, controls statuses of the home hub 30 and the IoT device 40 by using the near field or remote communications technology, and receives status events reported by the home hub 30 and the IoT device 40.
  • the IoT application program may be a software program such as an applet or an APP.
  • the control device 10 may control the IoT device 40 through the home hub 30. It should be noted that one IoT application program may control a plurality of IoT devices 40, and may control the home hub 30. It may be understood that the home hub 30 is also an IoT device, and is an IoT device with a central capability.
  • the control device 10 is a device that has the same TEE platform as the home hub 30. It should be noted that the IoT application program and the home hub 30 also share this TEE platform. In an embodiment that may be implemented, the control device 10, the home hub 30, and the IoT application program are all produced by the same device vendor, and devices or application programs produced by that vendor are all based on the same TEE platform. The control device 10 may therefore construct, on the TEE platform, a hardware-backed secure application for controlling the IoT device 40, to improve IoT security.
  • the control device 20 is also deployed (installed) with an IoT application program used to control the IoT device 40, controls statuses of the IoT device 40 by using the near field or remote communications technology, and receives status events reported by the IoT device 40.
  • the control device 20 is a device that has a different TEE platform from the home hub 30, or the control device 20 is a device that does not have a TEE platform.
  • the control device 20 and the home hub 30 belong to different device vendors, and in this case, the control device 20 is referred to as a device produced by a third-party device vendor. Because each device vendor does not open the TEE platform to another device vendor, the IoT application program deployed on the control device 20 can use only a basic security capability interface (for example, an interface such as Keystore on Android or Keychain on iOS) provided by an operating system to protect sensitive information.
  • the control device 10 and the control device 20 may include but are not limited to mobile devices such as a mobile phone, a tablet computer, and a notebook computer.
  • the home hub 30 is locally connected to the IoT device 40 by using a near-end communications technology, and then is connected to the control device 10 and the control device 20 through near field or remote communication. In this way, the IoT device 40 is isolated from the internet, reducing a risk that the IoT device 40 is attacked.
  • an identity credential that is of the control device 10 or the control device 20 and that is used to control the IoT device 40 is sent to the home hub 30, so that the home hub 30 uses an identity of the control device as a proxy to control the IoT device 40.
  • the home hub 30 is generally a resident device deployed at home, and may include but is not limited to a device such as a television, a sound box, a router, or a gateway.
  • the home hub 30 may simultaneously control a plurality of IoT devices 40.
  • the IoT device 40 is an intelligent device having an internet of things function.
  • an IoT application program may be used to perform local control (controlled by the IoT device on which the IoT application is installed) or remote control (controlled by the control device on which the IoT application is installed) on the IoT device, and report a status change event.
  • the IoT device 40 may include but is not limited to devices such as an intelligent camera, a door lock, an air conditioner, a sound box, a television, a light, and a sweeping robot.
  • the control device 10 not only has an identity credential (a public-private key pair) of the control device 10, but also has an identity credential of the control device 20 or public key information of the identity credential of the control device 20.
  • the control device 10 is bound (which may also be referred to as pairing) to the home hub 30 at the near end. After the control device 10 sends the identity credential of the control device 10 and the identity credential of the control device 20 to the home hub 30 (or the control device 10 sends the identity credential of the control device 10 and the public key information of the identity credential of the control device 20 to the home hub 30), the control device 10 can control the IoT device 40 through the home hub 30.
  • the IoT application detects a TEE platform of the control device, and determines whether the control device and the IoT application have a same TEE platform (or determines whether the control device and the IoT application have a same vendor). If it is detected that the control device is the control device 10 (that is, a same TEE platform or a same vendor), the control device 10 locally generates the identity credential of the control device 10 under the account, and uploads the identity credential to an IoT server. If it is detected that the control device is the control device 20 (that is, different TEE platforms or different vendors), the control device 20 locally generates the identity credential of the control device 20 under the account, and uploads the identity credential to the IoT server.
  • After the control device 10 reports the identity credential of the control device 10 to the server, when the control device 20 logs in to the IoT application program by using the same account (the account A), the control device 20 may obtain public key information of the control device 10 from the server. Similarly, after the control device 20 reports the identity credential of the control device 20 to the server, when the control device 10 logs in to the IoT application program by using the same account (the account A), the control device 10 may obtain the identity credential (public and private key information) or the public key information of the control device 20 from the server.
  • When the control device 20 is connected to the home hub 30, identity authentication is performed by using the originally configured public key information of the identity credential of the control device 20, and the home hub 30 then receives the private key information sent by the control device 20, so that the home hub 30 has both the identity credential of the control device 10 (bound to the device) and the identity credential of the control device 20.
  • both the control device 10 and the control device 20 can control the IoT device 40 through the home hub 30.
  • the control device 20 not only has the identity credential (a public-private key pair) of the control device 20, but also may have the public key information of the identity credential of the control device 10.
  • the control device 20 sends the identity credential of the control device 20 and the public key information of the identity credential of the control device 10 to the home hub 30, so that the control device 20 can control the IoT device 40 through the home hub 30.
  • the home hub 30 is generally bound to the control device only once. To be specific, if the control device 10 is first bound to the home hub 30, the control device 20 is subsequently not bound to the home hub 30, but is directly connected to the home hub. If the control device 20 is first bound to the home hub 30, the control device 10 is subsequently not bound to the home hub 30, but is directly connected to the home hub.
  • When the control device 10 is connected to the home hub 30, identity authentication is performed by using the originally configured public key information of the identity credential of the control device 10, and the home hub 30 then receives the private key information sent by the control device 10, so that the home hub 30 has both the identity credential of the control device 20 (bound to the device) and the identity credential of the control device 10.
  • both the control device 10 and the control device 20 can control the IoT device 40.
  • the home hub 30 stores the identity credential of the control device 10 and the identity credential of the control device 20. Because the identity credential of the control device 10 is protected based on the same TEE platform as the home hub 30, a leakage risk is low, and security is higher. Therefore, a permission of the control device 10 is higher than a permission of the control device 20.
  • the home hub 30 is preferably connected to the control device 10, to avoid a situation in which the identity permission of the home hub 30 cannot reach the level of the control device 10 because the home hub is used with the binding of the control device 20.
  • the home hub 30 has a plurality of control permissions, and the home hub 30 may open all the control permissions to the control device 10, and open only some control permissions to the control device 20.
  • the control device 10 can use all control functions of the home hub 30, and the control device 20 can use only some control functions of the home hub 30.
  • some high-permission functions of the home hub 30 are opened only to the control device 10, but not to the control device 20.
  • These high-permission functions are, for example, functions such as authorizing a family member to use the home hub 30, controlling a permission of a family member, and creating an automation rule to control the IoT device 40.
  • Some low-permission functions may be opened to both the control device 10 and the control device 20.
  • the home hub 30 may identify, by using a security credential, whether the control device and the home hub 30 have a same TEE platform, that is, identify which is the control device 10 and which is the control device 20. Then, based on a preset rule, different permissions are opened to different control devices.
  • the control device 10 has both the identity credential (the public-private key pair) of the control device 10 and the identity credential (the public-private key pair) of the control device 20.
  • the control device 20 does not have a private key of the control device 10. Therefore, the control device 10 can not only control the IoT device 40 bound to the control device 10, but also control the IoT device 40 bound to the control device 20.
  • the control device 20 can control only the IoT device 40 bound to the control device 20, but cannot control the IoT device 40 bound to the control device 10. That is, the control device 10 can control all IoT devices 40, and the control device 20 can control only an IoT device 40 bound to the control device 20.
  • each IoT device 40 is bound to the control device only once. After the binding, the control device sends an identity credential of the control device to the IoT device 40, and the identity credential is subsequently used when the control device communicates with the IoT device 40. Because the control device 10 has both the identity credential of the control device 10 and the identity credential of the control device 20, the control device 10 has a high permission to control all IoT devices 40. However, the control device 20 does not have the private key of the control device 10. Therefore, the control device 20 has a low permission, and cannot control the IoT device 40 bound to the control device 10.
  • control devices are classified into two types based on whether the control device and the home hub 30 have a same TEE platform, and identity credentials of the two types of control devices are stored in the home hub 30, to ensure that different types of control devices use their own identity credentials, to avoid a security problem caused by leakage of private key information of a peer.
  • the home hub 30 may preferably use an identity credential of a control device with a higher permission (on a same TEE platform as the home hub 30).
  • FIG. 2 is a flowchart of a control method according to an embodiment of this application. As shown in FIG. 2 , specific implementation steps of the control method provided in this application are as follows:
  • Step S201 A home hub receives an identity credential of a second device and public key information of an identity credential of a first device that are sent by the second device.
  • When the home hub is bound to the second device, the second device sends the identity credential of the second device and the public key information of the identity credential of the first device to the home hub.
  • the second device logs in to an IoT application program by using an account.
  • Step S203 The home hub controls an IoT device based on the identity credential of the second device.
  • the second device can control the IoT device through the home hub.
  • the home hub communicates with the IoT device by using the identity credential of the second device.
  • Step S205 The home hub receives private key information that is of the identity credential of the first device and that is sent by the first device.
  • After the home hub is bound to the second device, when the first device logs in to the IoT application program by using a same account (the same account as the second device), verification may be performed between the home hub and the first device. After the verification succeeds, the first device sends the private key information of the identity credential of the first device to the home hub.
  • Step S207 The home hub controls the IoT device based on the identity credential that is of the first device and that is formed by the public key information of the first device and the private key information of the first device.
  • the first device can control the IoT device through the home hub.
  • the home hub communicates with the IoT device by using the identity credential of the first device.
  • control device 20 configures a set of identity credential in the home hub 30, so that the control device 20 is bound to the home hub 30 and controls the IoT device 40 through the home hub 30.
  • control device 10 configures another set of identity credential in the home hub 30, so that the control device 10 controls the IoT device 40 through the home hub 30.
  • the home hub 30 may preferably use the identity credential of the control device 10 with a higher permission, so that the control device 10 controls the IoT device 40, to elevate a control permission of the home hub 30.
  • FIG. 3 is a flowchart of binding a control device and a home hub according to an embodiment of this application. As shown in FIG. 3 , a specific process of binding the control device 20 and the home hub 30 is as follows:
  • Step S301 The control device 20 establishes a secure channel with the home hub 30.
  • the APP may be installed by a user on the control device 10, which is produced by the same device vendor as the home hub 30 (that is, the control device 10 and the home hub 30 are protected based on a same TEE platform), or on the control device 20, which is produced by a device vendor different from the one that produces the home hub 30 (that is, the control device 20 and the home hub 30 are protected based on different TEE platforms).
  • the device vendor of the home hub 30 enables, by using two sets of identity credential, the control device 10 to perform identity authentication by using one set of identity credential in a process of connecting to the home hub 30, and enables the control device 20 to perform identity authentication by using the other set of identity credential in a process of connecting to the home hub 30.
  • a connection needs to be established between the control device 20 and the home hub 30. Because a near field/remote communication connection between the control device 20 and the home hub 30 has a risk of being attacked, a secure channel needs to be established between the control device 20 and the home hub 30, to protect security of sending data between the control device 20 and the home hub 30.
  • FIG. 4 is a flowchart of a process in which a control device and a home hub establish a secure channel by using a PAKE protocol. As shown in FIG. 4 , a specific process in which the control device 20 and the home hub 30 establish the secure channel by using the PAKE protocol is as follows:
  • the secure channel is established by using the PAKE protocol, to ensure security of sending data by the control device 20 to the home hub 30.
  • Step S302 The control device 20 sends an identity credential of the control device 20 and public key information of an identity credential of the control device 10 to the home hub 30 through the secure channel. Specifically, after encrypting the identity credential of the control device 20 and the public key information of the control device 10 by using the shared key K2, the control device 20 sends the encrypted identity credential of the control device 20 and public key information of the control device 10 to the home hub 30.
  • Before the control device 20 is bound to the home hub 30, the control device 20 obtains public key information of another set of identity credential (that is, the public key information of the control device 10) through an IoT cloud server, to perform identity authentication on a control device when the control device (namely, the control device 10) produced by another device vendor is subsequently connected to the home hub 30.
  • the control device 20 encrypts, by using the key K2, the identity credential to be bound and the public key information of the identity credential of the control device 10, to generate a ciphertext, and then sends the ciphertext to the home hub 30, to ensure security of sending the identity credential by the control device 20 to the home hub 30.
  • Step S303 The home hub 30 decrypts and stores the identity credential of the control device 20 and the public key information of the identity credential of the control device 10.
  • After receiving the ciphertext generated through encryption by using the key K2, the home hub 30 needs to decrypt the ciphertext.
  • the home hub 30 decrypts the ciphertext by using the key K1, to obtain the identity credential of the control device 20 and the public key information of the control device 10. Then, the home hub 30 stores the identity credential of the control device 20 and the public key information of the control device 10 that are obtained after decryption in a secure storage unit, to implement the binding between the control device 20 and the home hub 30.
  • the home hub 30 already stores the identity credential of the control device 20, and the home hub 30 may send a control instruction to the IoT device 40, to implement a connection between the control device 20 and the IoT device 40 and control the IoT device 40.
  • the identity credential of the control device 20 and the public key information of the identity credential of the control device 10 that are stored in the secure storage unit of the home hub 30 cannot be modified, unless information (such as the PIN code) of the IoT device 40 is deleted from the home hub 30 or factory settings are restored.
  • Because the control device 20 and the home hub 30 are devices protected by different TEE platforms, or the control device 20 is a device not protected by a TEE platform, private key information of the identity credential of the control device 20 needs to be protected by a security capability interface of an operating system of the control device 20, for example, an interface such as a Keystore of Android or a Keychain of iOS. Security of this protection is not as high as being protected by the TEE platform. Therefore, in this embodiment of this application, the public key information of the control device 10 is configured on the home hub 30, so that the public key information of the control device 10 on the home hub 30 is not replaced or changed in a subsequent use process of the control device 20. In this way, it is avoided that, after the private key information of the control device 20 is leaked, an attacker replaces the public key information of the control device 10 when performing binding, thereby changing the public key information of the control device 10 that was previously configured in the home hub 30.
  • Step S304 The control device 20 controls the IoT device 40 through the home hub 30.
  • After the control device 20 is bound to the home hub 30, the home hub 30 already stores the identity credential of the control device 20, and the home hub 30 may use the identity credential of the control device 20 when communicating with the IoT device 40, to implement a connection between the control device 20 and the IoT device 40, control a status of the IoT device 40, and receive a status event reported by the IoT device 40.
  • a specific scenario may be as follows: The control device 20 is a mobile phone, the home hub 30 is a sound box, and the IoT device 40 may be one or more of a light, a camera, or a television.
  • After the mobile phone is bound to the sound box, when the IoT device 40 is locally or remotely controlled through an App on the mobile phone, the mobile phone does not directly control the IoT device 40, and does not directly control the IoT device 40 through an IoT cloud. Instead, the mobile phone controls the IoT device 40 through the sound box or through the sound box and then through the IoT cloud. That is, the mobile phone directly sends the control instruction to the sound box or the mobile phone sends the control instruction to the sound box through the cloud, and then the sound box controls the IoT device 40.
  • Step S305 The control device 10 establishes a secure channel with the home hub 30.
  • Step S305 is performed after the control device 20 and the home hub 30 are bound: the user controls the IoT device 40 through the home hub 30, and when the user needs to control the IoT device 40 through the control device 10, step S305 is performed.
  • In a process in which the home hub 30 is connected to the control device 10, the control device 10 does not need to be bound to the home hub 30 again. As long as the home hub 30 stores the identity credential of the control device 10, the control device 10 can control the IoT device 40 through the home hub 30.
  • FIG. 5 is a flowchart of a process in which a control device and a home hub negotiate to establish a secure channel by using an STS protocol.
  • a specific process in which the control device 10 and the home hub 30 negotiate to establish the secure channel by using the STS protocol is as follows:
  • Step S501 The control device 10 generates a random number x, and generates an exponent g(x) through calculation based on the random number x.
  • Step S502 The control device 10 sends the exponent g(x) to the home hub 30.
  • Step S504 The home hub 30 sends the exponent g(y) and the ciphertext 1 to the control device 10.
  • Step S506 The control device 10 sends the ciphertext 2 to the home hub 30.
  • Step S507 The home hub 30 decrypts the ciphertext 2 by using the shared key K3, and attempts to verify a signature of the ciphertext 2 by using the public key information of the identity credential of the control device 10.
  • Step S508 The home hub 30 and the control device 10 can perform encrypted communication by using the shared key K3 or K4, where the shared key K3 and the shared key K4 are a same key. That is, a secure channel is established between the control device 10 and the home hub 30, and an identity credential may be sent through the secure channel.
  • the public key information of the identity credential of the control device 10 stored in the secure storage unit in the home hub 30 is used to attempt to verify an identity of the control device that establishes the secure channel with the home hub 30, to determine whether the control device is the control device 10 protected by the same TEE platform as the home hub 30. If the control device is the control device 10 protected by the same TEE platform as the home hub 30, the secure channel is established between the home hub 30 and the control device 10. If the control device is not the control device 10 protected by the same TEE platform as the home hub 30, no secure channel is established between the home hub 30 and the control device.
  • a secure channel is established by using the STS protocol, to ensure security of subsequently sending the private key information by the control device 10 to the home hub 30.
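The FIG. 5 exchange as an added example (not code from the patent), written in Go with X25519 for g(x) and g(y), Ed25519 for the identity credential of the control device 10, and AES-GCM for ciphertexts 1 and 2. Steps S503 and S505 are not described above, so the home hub's own signing key, the contents of ciphertext 1 and the hashed-secret key derivation are assumptions taken from classic STS.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Credential is an identity credential in the page's sense: a public-private key pair.
type Credential struct {
	Pub  ed25519.PublicKey
	Priv ed25519.PrivateKey
}

func NewCredential() Credential {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return Credential{Pub: pub, Priv: priv}
}

// HomeHub is the home hub 30 after step S303: it holds only the public key of control device
// 10. Its own credential is an assumption (classic STS, in which the hub signs as well).
type HomeHub struct {
	Device10Pub ed25519.PublicKey
	Own         Credential
}

func concat(a, b []byte) []byte { return append(append([]byte{}, a...), b...) }
// deriveKey: ECDH shared secret -> channel key (K3 on the hub, K4 on the device); hashing
// the secret stands in for a proper KDF such as HKDF.
func deriveKey(priv *ecdh.PrivateKey, peer []byte) ([]byte, error) {
	pub, err := ecdh.X25519().NewPublicKey(peer) // rejects malformed points
	if err != nil {
		return nil, err
	}
	secret, err := priv.ECDH(pub) // rejects low-order points (all-zero secret)
	if err != nil {
		return nil, err
	}
	k := sha256.Sum256(concat([]byte("sts-channel-key|"), secret))
	return k[:], nil
}

func seal(key, pt []byte) []byte { // AES-256-GCM; the random nonce is prefixed to the ciphertext
	block, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(block)
	nonce := make([]byte, g.NonceSize())
	_, _ = rand.Read(nonce) // crypto/rand does not fail on supported platforms
	return g.Seal(nonce, nonce, pt, nil)
}

func open(key, ct []byte) ([]byte, error) {
	block, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(block)
	if len(ct) < g.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], nil)
}

// RunSTS plays both sides of FIG. 5 in one process and returns the keys each side derived (K4
// on the device, K3 on the hub); it fails at S507 unless the device holds control device 10's private key.
func RunSTS(dev Credential, hub *HomeHub) (deviceKey, hubKey []byte, err error) {
	curve := ecdh.X25519()
	x, _ := curve.GenerateKey(rand.Reader) // S501: random x, exponent g(x)
	gx := x.PublicKey().Bytes()            // S502: g(x) is sent to the hub
	y, _ := curve.GenerateKey(rand.Reader) // S503 (assumed): hub picks y, derives K3,
	gy := y.PublicKey().Bytes()            // signs g(y)||g(x) and encrypts it -> ciphertext 1
	if hubKey, err = deriveKey(y, gx); err != nil {
		return nil, nil, err
	}
	ct1 := seal(hubKey, ed25519.Sign(hub.Own.Priv, concat(gy, gx)))
	// S504/S505: the device receives g(y) and ciphertext 1, derives K4 and checks the hub.
	if deviceKey, err = deriveKey(x, gy); err != nil {
		return nil, nil, err
	}
	sig1, err := open(deviceKey, ct1)
	if err != nil || !ed25519.Verify(hub.Own.Pub, concat(gy, gx), sig1) {
		return nil, nil, fmt.Errorf("device: home hub not authenticated")
	}
	// S506: the device signs g(x)||g(y) with its identity private key, encrypted under K4.
	ct2 := seal(deviceKey, ed25519.Sign(dev.Priv, concat(gx, gy)))
	// S507: the hub decrypts with K3 and verifies against the stored key of control device 10.
	sig2, err := open(hubKey, ct2)
	if err != nil || !ed25519.Verify(hub.Device10Pub, concat(gx, gy), sig2) {
		return nil, nil, fmt.Errorf("hub: peer is not control device 10, no secure channel")
	}
	return deviceKey, hubKey, nil // S508: K3 and K4 are the same key
}

func main() {
	dev10, dev20 := NewCredential(), NewCredential() // dev20 stands in for control device 20
	hub := &HomeHub{Device10Pub: dev10.Pub, Own: NewCredential()}
	_, _, err10 := RunSTS(dev10, hub)
	_, _, err20 := RunSTS(dev20, hub)
	fmt.Println("device 10 channel:", err10 == nil, "| device 20 rejected:", err20 != nil)
}
```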
  • Step S306 The control device 10 sends the private key information of the identity credential of the control device 10 to the home hub 30 through the secure channel. Specifically, the control device 10 may encrypt the private key information of the control device 10 by using the shared key K4, and then send the encrypted private key information to the home hub 30.
  • In the binding process of the home hub 30, the control device 20 has sent the public key information of the identity credential of the control device 10, which is stored in the home hub 30. Therefore, in this case, the control device 10 only needs to send the private key information.
  • In the process in which, after the secure channel is established between the control device 10 and the home hub 30 by using the STS protocol, the private key information of the identity credential of the control device 10 is sent to the home hub 30, the control device 10 encrypts the private key information of the identity credential of the control device 10 by using the key K4, to generate a ciphertext, and then sends the ciphertext to the home hub 30, to ensure security of sending the identity credential by the control device 10 to the home hub 30.
  • Step S307 The home hub 30 decrypts and stores the private key information of the identity credential of the control device 10.
  • After receiving the ciphertext generated through encryption by using the key K4, the home hub 30 needs to decrypt the ciphertext.
  • the home hub 30 decrypts the ciphertext by using the key K3, to obtain the private key information of the identity credential of the control device 10. Then, the home hub 30 stores the decrypted private key information of the identity credential of the control device 10 in the secure storage unit, to form the identity credential of the control device 10 in the home hub 30.
  • Step S308 The control device 10 controls the IoT device 40 through the home hub 30.
  • the control device 10 controls the IoT device 40 through the home hub 30. If the user logs in with the account on both the APP in the control device 10 and an APP in the control device 20, the home hub 30 stores two sets of identity credential. Because the private key information of the control device 10 is protected and stored based on the same TEE platform as the home hub 30, a security risk of the control device 10 is low. Because the private key information of the control device 20 is protected based on the security capability interface of the operating system, a security risk is higher than that of the control device 10. Therefore, a permission of the identity credential of the control device 10 is higher than that of the identity credential of the control device 20.
  • the home hub 30 may preferably select the identity credential of the control device 10 with a higher identity credential permission, and in this case, the control device 10 controls the IoT device 40.
  • a display UI operation may be performed.
  • When the control device 10 is connected to the home hub 30, the user is prompted whether to escalate the permission of the home hub 30 to the permission of the control device 10. If the user selects yes, the private key information of the identity credential of the control device 10 is sent to the home hub 30.
  • control device 20 configures a set of identity credential in the home hub 30, and is bound to the home hub 30, so that the control device 20 controls the IoT device 40 through the home hub 30.
  • control device 10 configures another set of identity credential in the home hub 30, so that the control device 10 controls the IoT device 40 through the home hub 30.
  • the home hub 30 may preferably use the identity credential of the control device 10 with a higher permission, so that the control device 10 controls the IoT device 40, to elevate a control permission of the home hub 30.
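An added example, not the patent's own code, of the home hub 30's secure storage unit across the FIG. 3 flow: the write-once binding of step S303, the completion of the credential of the control device 10 at step S307, the preference for the higher-permission credential, and the permission split between the two control device types. The match check between the received private key and the stored public key, the Ed25519 keys and the function names are assumptions added here.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Function names follow the page: the high-permission functions are opened only to a control
// device on the same TEE platform as the hub (control device 10).
type Function string

const (
	ControlIoTDevice     Function = "control the IoT device 40"
	AuthorizeMember      Function = "authorize a family member"
	ControlMemberPerm    Function = "control a permission of a family member"
	CreateAutomationRule Function = "create an automation rule"
)

var highPermission = map[Function]bool{AuthorizeMember: true, ControlMemberPerm: true, CreateAutomationRule: true}

// HomeHub models the secure storage unit of the home hub 30 across the FIG. 3 flow.
type HomeHub struct {
	bound     bool
	dev20Pub  ed25519.PublicKey  // identity credential of control device 20 (S303)
	dev20Priv ed25519.PrivateKey
	dev10Pub  ed25519.PublicKey  // public key of control device 10, write-once (S303)
	dev10Priv ed25519.PrivateKey // arrives later over the STS channel (S307)
}

func validPair(pub ed25519.PublicKey, priv ed25519.PrivateKey) bool {
	return len(pub) == ed25519.PublicKeySize && len(priv) == ed25519.PrivateKeySize &&
		bytes.Equal(priv.Public().(ed25519.PublicKey), pub)
}

// Bind is step S303. A second binding is refused rather than overwriting the stored public key
// of control device 10, which the page says changes only on deletion or factory reset.
func (h *HomeHub) Bind(dev20Pub ed25519.PublicKey, dev20Priv ed25519.PrivateKey, dev10Pub ed25519.PublicKey) error {
	if h.bound {
		return errors.New("already bound: restore factory settings before binding again")
	}
	if !validPair(dev20Pub, dev20Priv) || len(dev10Pub) != ed25519.PublicKeySize {
		return errors.New("malformed or mismatched credential")
	}
	h.dev20Pub, h.dev20Priv, h.dev10Pub, h.bound = dev20Pub, dev20Priv, dev10Pub, true
	return nil
}

// CompleteDevice10 is step S307. The hub only "forms" the credential of control device 10 if the
// received private key matches the public key stored at binding (an added check).
func (h *HomeHub) CompleteDevice10(priv ed25519.PrivateKey) error {
	if !h.bound {
		return errors.New("not bound")
	}
	if !validPair(h.dev10Pub, priv) {
		return errors.New("private key does not match the stored public key of control device 10")
	}
	h.dev10Priv = priv
	return nil
}

func (h *HomeHub) FactoryReset() { *h = HomeHub{} } // the only way the stored credentials change

// ActiveCredential picks the credential the hub uses toward the IoT device 40: control device
// 10's once its private key is present (higher permission), otherwise control device 20's.
func (h *HomeHub) ActiveCredential() (string, ed25519.PrivateKey) {
	if h.dev10Priv != nil {
		return "control device 10", h.dev10Priv
	}
	return "control device 20", h.dev20Priv
}

// Authorize applies the preset rule: all functions for control device 10, only the
// low-permission ones for control device 20. callerPub is the identity the hub already
// authenticated on the secure channel (PAKE or STS), not a self-declared value.
func (h *HomeHub) Authorize(callerPub ed25519.PublicKey, f Function) error {
	switch {
	case h.bound && bytes.Equal(callerPub, h.dev10Pub):
		return nil
	case h.bound && bytes.Equal(callerPub, h.dev20Pub) && !highPermission[f]:
		return nil
	case h.bound && bytes.Equal(callerPub, h.dev20Pub):
		return fmt.Errorf("%q is not opened to control device 20", f)
	}
	return errors.New("unknown control device")
}

func main() {
	pub10, priv10, _ := ed25519.GenerateKey(rand.Reader) // constructed credentials
	pub20, priv20, _ := ed25519.GenerateKey(rand.Reader)
	hub := &HomeHub{}
	fmt.Println("bind:", hub.Bind(pub20, priv20, pub10), "| rebind:", hub.Bind(pub20, priv20, pub20))
	fmt.Println("S307 wrong key:", hub.CompleteDevice10(priv20), "| S307:", hub.CompleteDevice10(priv10))
	who, _ := hub.ActiveCredential()
	fmt.Println("active:", who, "| device 20 automation rule:", hub.Authorize(pub20, CreateAutomationRule))
}
```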
  • FIG. 6 is a flowchart of another control method according to an embodiment of this application. As shown in FIG. 6 , specific implementation steps of the control method provided in this application are as follows:
  • Step S601 A home hub receives an identity credential of a first device and an identity credential of a second device that are sent by the first device, or the home hub receives the identity credential of the first device and public key information of the identity credential of the second device that are sent by the first device.
  • When the home hub is bound to the first device, the first device sends the identity credential of the first device and the identity credential of the second device (or the public key information of the second device) to the home hub.
  • the first device logs in to an IoT application program by using an account, and then may start to perform a binding action.
  • Step S603 The home hub controls an IoT device based on the identity credential of the first device.
  • the first device can control the IoT device through the home hub.
  • the home hub communicates with the IoT device by using the identity credential of the first device.
  • Step S605 The home hub receives private key information that is of the identity credential of the second device and that is sent by the second device.
  • When the second device logs in to the IoT application program by using a same account (the same account as the first device), verification may be performed between the home hub and the second device. After the verification succeeds, the second device sends the private key information of the identity credential of the second device to the home hub.
  • Step S607 The home hub controls the IoT device based on the identity credential that is of the second device and that is formed by the public key information of the second device and the private key information of the second device.
  • control device 10 configures a set of identity credential in the home hub 30, so that the control device 10 is bound to the home hub 30 and controls the IoT device 40 through the home hub 30.
  • control device 20 configures another set of identity credential in the home hub 30, so that the control device 20 controls some special IoT devices 40 through the home hub 30.
  • FIG. 7 is a flowchart of another process of binding a control device and a home hub according to an embodiment of this application. As shown in FIG. 7 , a specific process of binding the control device 10 and the home hub 30 is as follows:
  • Step S701 The control device 10 establishes a secure channel with the home hub 30.
  • In step S301 it has been described in detail that, in this embodiment of this application, two sets of identity credential are used as identity credentials of the control device 10 (produced by the same device vendor as the home hub 30) and the control device 20 (produced by a device vendor different from the one that produces the home hub 30), so that the control device 10 performs identity authentication by using one set of identity credential in a process of connecting to the home hub 30, and the control device 20 performs identity authentication by using another set of identity credential in a process of connecting to the home hub 30. Therefore, details are not described herein again.
  • a connection needs to be established between the control device 10 and the home hub 30. Because the control device 10 and the home hub 30 are connected through near field/remote communication, there is a risk of being attacked. Therefore, a secure channel needs to be established between the control device 10 and the home hub 30, to protect security of sending data between the control device 10 and the home hub 30.
  • a secure encrypted channel is established between the control device 10 and the home hub 30 by using a PAKE protocol.
  • For a specific establishment process, refer to FIG. 4 and descriptions of corresponding steps.
  • the control device 20 in the embodiment shown in FIG. 4 may be replaced with the control device 10.
  • the secure channel is established by using the PAKE protocol, to ensure security of sending data by the control device 10 to the home hub 30.
  • Step S702 The control device 10 sends an identity credential of the control device 10 and public key information of an identity credential of the control device 20 to the home hub 30 through the secure channel. Specifically, after encrypting the identity credential of the control device 10 and the public key information of the control device 20 by using the shared key, the control device 10 sends the encrypted identity credential of the control device 10 and public key information of the control device 20 to the home hub 30.
  • Before the control device 10 is bound to the home hub 30, the control device 10 obtains the public key information of another set of identity credential (that is, the public key information of the identity credential of the control device 20) through an IoT cloud server, so that identity authentication can be performed on the control device 20 when a control device (namely, the control device 20) produced by another device vendor is subsequently connected to the home hub 30.
  • After the secure channel is established between the control device 10 and the home hub 30 by using the PAKE protocol, the control device 10 encrypts the identity credential to be bound and the public key information of the identity credential of the control device 20 by using the shared key, to generate a ciphertext, and then sends the ciphertext to the home hub 30, to ensure the security of sending the identity credential from the control device 10 to the home hub 30.
  • the IoT cloud server may further send the private key information of the identity credential of the control device 20 to the control device 10. Because the control device 10 and the home hub 30 are devices protected by the same TEE platform, the leakage risk of the control device 10 is low and its security is higher. Therefore, the private key information of the control device 20 may be downloaded to the control device 10 for storage. In this case, the control device 10 directly encrypts the two sets of identity credential, to generate a ciphertext, and then sends the ciphertext to the home hub 30. After receiving the ciphertext, the home hub 30 decrypts it, stores the two sets of identity credential in the secure storage unit, and directly performs step S708.
  • Step S703 The home hub 30 decrypts and stores the identity credential of the control device 10 and the public key information of the identity credential of the control device 20.
  • After receiving the ciphertext generated through encryption by using the shared key, the home hub 30 needs to decrypt the ciphertext.
  • the home hub 30 decrypts the ciphertext by using the shared key, to obtain the identity credential of the control device 10 and the public key information of the identity credential of the control device 20. Then, the home hub 30 stores the identity credential of the control device 10 and the public key information of the identity credential of the control device 20 that are obtained after decryption in the secure storage unit, to implement the binding between the control device 20 and the home hub 30.
  • the home hub 30 already stores the identity credential of the control device 10, and the home hub 30 may send a control instruction to the IoT device 40, to implement a connection between the control device 10 and the IoT device 40 and control the IoT device 40.
  • the identity credential of the control device 10 and the public key information of the control device 20 that are stored in the secure storage unit of the home hub 30 cannot be modified, unless information of the IoT device 40 is deleted from the home hub 30 or factory settings are restored.
  • Step S704 The control device 10 controls the IoT device 40 through the home hub 30.
  • After the control device 10 is bound to the home hub 30, the home hub 30 already stores the identity credential of the control device 10, and the home hub 30 may use the identity credential of the control device 10 when communicating with the IoT device 40, to implement a connection between the control device 10 and the IoT device 40, control a status of the IoT device 40, and receive a status event reported by the IoT device 40.
  • Step S705 The control device 20 establishes a secure channel with the home hub 30.
  • Step S705 may be performed in the following two cases: in one case, when the IoT device 40 connected to the home hub 30 needs to be jointly controlled by using the control device 10 and the control device 20; and in another case, when some IoT devices cannot be controlled by the control device 10.
  • the control device 20 does not need to be bound to the home hub 30 again. As long as the home hub 30 stores the identity credential of the control device 20, the control device 20 can control the IoT device 40 through the home hub 30.
  • a secure encrypted channel is established between the control device 20 and the home hub 30 by using an STS protocol.
  • For a specific establishment process of the STS protocol, refer to FIG. 5 and the descriptions of the corresponding steps.
  • the control device 10 in the descriptions may be replaced with the control device 20.
  • the secure channel is established by using the STS protocol, to ensure security of sending the private key information by the control device 20 to the home hub 30.
  • the public key information of the identity credential of the control device 20 stored in the secure storage unit of the home hub 30 is used to verify the identity of the control device that attempts to establish the secure channel with the home hub 30, to determine whether that control device is the control device 20 protected by a different TEE platform from the home hub 30. If it is, the secure channel is established between the home hub 30 and the control device 20. Otherwise, no secure channel is established between the home hub 30 and the control device.
  • Step S706 The control device 20 sends the private key information of the identity credential of the control device 20 to the home hub 30 through the secure channel established in step S705.
  • In the binding process of the home hub 30, the control device 10 has already sent the public key information of the identity credential of the control device 20 to the home hub 30, where it is stored. Therefore, in this case, the control device 20 only needs to send the private key information.
  • After the secure channel is established between the control device 20 and the home hub 30 by using the STS protocol, the private key information of the identity credential of the control device 20 is encrypted by using the shared key to generate a ciphertext, which is then sent to the home hub 30, to ensure the security of sending the identity credential from the control device 20 to the home hub 30.
  • Step S707 The home hub 30 decrypts and stores the private key information of the identity credential of the control device 20.
  • After receiving the ciphertext generated through encryption by using the shared key, the home hub 30 needs to decrypt the ciphertext.
  • the home hub 30 decrypts the ciphertext by using the shared key, to obtain the private key information of the identity credential of the control device 20. Then, the home hub 30 stores the decrypted private key information of the identity credential of the control device 20 in the secure storage unit, to form the identity credential of the control device 20 in the home hub 30.
  • Step S708 The control device 20 controls a special IoT device 40 through the home hub 30.
  • the control device 20 controls the IoT device 40 through the home hub 30. If the user logs in with the account on both the APP in the control device 10 and an APP in the control device 20, the home hub 30 stores two sets of identity credential. Because the private key information of the control device 10 is protected and stored based on the same TEE platform as the home hub 30, the security risk of the control device 10 is low. Because the private key information of the control device 20 is protected based on the security capability interface of the operating system, its security risk is higher than that of the control device 10. Therefore, the permission of the identity credential of the control device 10 is higher than that of the identity credential of the control device 20.
  • the home hub 30 preferably selects the identity credential of the control device 10 with a higher identity credential permission, so that the control device 10 controls the IoT device 40 that can be controlled by the control device 10, and the control device 20 controls the IoT device 40 that cannot be controlled by the control device 10.
  • a display UI operation may be performed.
  • When the control device 20 is connected to the home hub 30, the user is prompted whether to set the permissions of some IoT devices 40 that need to be controlled by the control device 20 to the permission of the control device 20. If the user selects yes, the private key information of the identity credential of the control device 20 is sent to the home hub 30.
  • control device 10 configures a set of identity credential in the home hub 30, so that the control device 10 is bound to the home hub 30 and controls the IoT device 40 through the home hub 30.
  • control device 20 configures another set of identity credential in the home hub 30, so that the control device 20 controls some special IoT devices 40 through the home hub 30.
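Seen from the home hub's side, steps S701 to S708 amount to a small state machine over the secure storage unit: a full credential plus a second public key are deposited during binding, the matching private key is accepted later only from a peer that proves it holds it, the stored material is immutable until a factory reset, and control requests pick the credential with the higher permission. The Go program below is an added example written for this page, not code from the patent or from Huawei. It assumes the PAKE and STS secure channels have already been established (the shared-key encryption of the channel is left out, so Bind and StorePrivateKey receive the already decrypted material), uses Ed25519 as a stand-in for the unspecified credential key type, and the labels "dev10"/"dev20", the permission values 2 and 1, and all method names are its own assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Credential is one "set of identity credential" in the hub's secure storage unit.
type Credential struct {
	Pub        ed25519.PublicKey
	Priv       ed25519.PrivateKey // for device 20: nil after step S703, set in step S707
	Permission int                // higher = more trusted: same-TEE control device 10 (2) > control device 20 (1)
}

// HomeHub is a constructed model of the home hub 30 (assumed labels "dev10"/"dev20").
type HomeHub struct {
	bound bool // set by Bind, cleared only by FactoryReset (step S703 immutability rule)
	store map[string]*Credential
}

func NewHomeHub() *HomeHub       { return &HomeHub{store: map[string]*Credential{}} }
func (h *HomeHub) FactoryReset() { *h = *NewHomeHub() }

// Bind is steps S702/S703 as seen by the hub once the PAKE channel has decrypted the
// payload: keep the full credential of device 10 but only the public key of device 20.
func (h *HomeHub) Bind(priv10 ed25519.PrivateKey, pub20 ed25519.PublicKey) error {
	if h.bound {
		return errors.New("already bound: delete IoT device info or restore factory settings first")
	}
	if len(priv10) != ed25519.PrivateKeySize || len(pub20) != ed25519.PublicKeySize {
		return errors.New("malformed binding payload")
	}
	h.store["dev10"] = &Credential{Pub: priv10.Public().(ed25519.PublicKey), Priv: priv10, Permission: 2}
	h.store["dev20"] = &Credential{Pub: pub20, Permission: 1}
	h.bound = true
	return nil
}

// VerifyPeer is the step S705 identity check: the peer signs a fresh hub-chosen nonce
// with the private key matching the deposited pub20.
func (h *HomeHub) VerifyPeer(nonce, sig []byte) bool {
	c, ok := h.store["dev20"]
	return ok && ed25519.Verify(c.Pub, nonce, sig)
}

// StorePrivateKey is steps S706/S707: the private key received over the STS channel is
// kept only if its public half equals the key deposited in step S703.
func (h *HomeHub) StorePrivateKey(priv20 ed25519.PrivateKey) error {
	c, ok := h.store["dev20"]
	if !ok || len(priv20) != ed25519.PrivateKeySize || !bytes.Equal(priv20[ed25519.PublicKeySize:], c.Pub) {
		return errors.New("private key does not match the bound public key")
	}
	c.Priv = priv20
	return nil
}

// SelectCredential is the step S708 policy: among the complete credentials the IoT
// device accepts (labels passed by the caller), use the one with the highest permission.
func (h *HomeHub) SelectCredential(acceptedBy ...string) (string, error) {
	best, name := -1, ""
	for _, label := range acceptedBy {
		if c := h.store[label]; c != nil && c.Priv != nil && c.Permission > best {
			best, name = c.Permission, label
		}
	}
	if name == "" {
		return "", errors.New("no usable credential for this IoT device")
	}
	return name, nil
}

// RunScenario walks the FIG. 7 flow with freshly generated (constructed) keys and returns
// the credential chosen for a normal IoT device and for a "special" one (device 20 only).
func RunScenario() (normal, special string, err error) {
	_, priv10, _ := ed25519.GenerateKey(rand.Reader)
	pub20, priv20, _ := ed25519.GenerateKey(rand.Reader)
	hub := NewHomeHub()
	if err = hub.Bind(priv10, pub20); err != nil { // S702/S703
		return
	}
	nonce := make([]byte, 32) // S705: hub challenge, answered with the device 20 private key
	rand.Read(nonce)
	if !hub.VerifyPeer(nonce, ed25519.Sign(priv20, nonce)) {
		return "", "", errors.New("control device 20 failed identity verification")
	}
	if err = hub.StorePrivateKey(priv20); err != nil { // S706/S707
		return
	}
	if normal, err = hub.SelectCredential("dev10", "dev20"); err != nil { // S708
		return
	}
	special, err = hub.SelectCredential("dev20")
	return
}

func main() {
	fmt.Println(RunScenario()) // dev10 dev20 <nil>
}
```

RunScenario returns "dev10" for the IoT device both control devices may control and "dev20" for the special one. Two checks in the block go slightly beyond the text and are the ones a hub implementer would want: SelectCredential never returns the device 20 set while its private key is still missing, and StorePrivateKey refuses a private key whose public half differs from the one the control device 10 deposited, so a peer that has passed the STS handshake cannot replace the second credential set with unrelated key material.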
  • An embodiment of this application further provides a control system.
  • the system includes the control device 10, the control device 20, the home hub 30, and the at least one IoT device 40 described in the foregoing embodiments.
  • FIG. 8 is a schematic structural diagram of a home hub according to an embodiment of the present invention.
  • a home hub 800 shown in FIG. 8 includes a sensor 801, a display 802, a processor 803, a memory 804, a communications interface 805, and a bus 806.
  • the processor 803, the memory 804, and the communications interface 805 in the home hub 800 may establish a communication connection through the bus 806.
  • the sensor 801 is configured to obtain identity credentials including an identity credential of the control device 10 and an identity credential of the control device 20.
  • the sensor 801 may include a camera and the like.
  • the display 802 is configured to display processed data, such as a video or a virtual operation interface.
  • the processor 803 may be a central processing unit (central processing unit, CPU).
  • the memory 804 may include a volatile memory (volatile memory), for example, a random access memory (random-access memory, RAM); the memory may also include a nonvolatile memory (non-volatile memory), for example, a read-only memory (read-only memory, ROM), a flash memory (flash memory), a hard disk drive (hard disk drive, HDD), or a solid state drive (solid state drive, SSD); and the memory 804 may further include a combination of the foregoing types of memories.
  • the control method provided in the foregoing embodiments is executed by the home hub 800.
  • Data such as an identity credential, public key information, and private key information is stored in the memory 804.
  • the memory 804 is further configured to store program instructions or the like corresponding to the remote control method described in the foregoing embodiments.
  • aspects or features in the embodiments of this application may be implemented as a method, an apparatus or a product that uses standard programming and/or engineering technologies.
  • product used in this application covers a computer program that can be accessed from any computer readable component, carrier or medium.
  • the computer-readable medium may include but is not limited to: a magnetic storage component (for example, a hard disk, a floppy disk or a magnetic tape), an optical disc (for example, a compact disc (compact disc, CD)), a digital versatile disc (digital versatile disc, DVD), a smart card and a flash memory component (for example, erasable programmable read-only memory (erasable programmable read-only memory, EPROM), a card, a stick, or a key drive).
  • various storage media described in this specification may indicate one or more devices and/or other machine-readable media that are configured to store information.
  • the term "machine-readable media" may include but is not limited to a radio channel, and various other media that can store, contain, and/or carry instructions and/or data.
  • All or some of the foregoing embodiments may be implemented by using software, hardware, firmware, or any combination thereof.
  • the embodiments may be implemented completely or partially in a form of a computer program product.
  • the computer program product includes one or more computer instructions.
  • the computer may be a general-purpose computer, a dedicated computer, a computer network, or other programmable apparatuses.
  • the computer instructions may be stored in a computer-readable storage medium or may be transmitted from a computer-readable storage medium to another computer-readable storage medium.
  • the computer instructions may be transmitted from a website, computer, server, or data center to another website, computer, server, or data center in a wired (for example, a coaxial cable, an optical fiber, or a digital subscriber line (DSL)) or wireless (for example, infrared, radio, or microwave) manner.
  • the computer-readable storage medium may be any usable medium accessible by a computer, or a data storage device, such as a server or a data center, integrating one or more usable media.
  • the usable medium may be a magnetic medium (for example, a floppy disk, a hard disk, or a magnetic tape), an optical medium (for example, a DVD), a semiconductor medium (for example, a solid-state drive (Solid State Disk, SSD)), or the like.
  • sequence numbers of the foregoing processes do not mean execution sequences in various embodiments of this application.
  • the execution sequences of the processes should be determined based on functions and internal logic of the processes, and should not be construed as any limitation on the implementation processes of the embodiments of this application.
  • the disclosed system, apparatus, and method may be implemented in other manners.
  • the described apparatus embodiment is merely an example.
  • the unit division is merely logical function division and may be other division in actual implementation.
  • a plurality of units or components may be combined or integrated into another system, or some features may be ignored or not performed.
  • the displayed or discussed mutual couplings or direct couplings or communication connections may be implemented through some interfaces.
  • the indirect couplings or communication connections between the apparatuses or units may be implemented in electronic, mechanical, or other forms.
  • the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one position, or may be distributed on a plurality of network units. Some or all of the units may be selected based on actual requirements to achieve the objectives of the solutions of the embodiments.
  • When the functions are implemented in the form of a software function unit and sold or used as an independent product, the functions may be stored in a computer-readable storage medium. Based on such an understanding, the technical solutions of this application essentially, or the part contributing to the prior art, or some of the technical solutions may be implemented in a form of a software product.
  • the computer software product is stored in a storage medium, and includes several instructions for instructing a computer device (which may be a personal computer, a server, or a network device) to perform all or some of the steps of the methods described in the embodiments of this application.
  • the foregoing storage medium includes: any medium that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), a magnetic disk, or an optical disc.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Selective Calling Equipment (AREA)
  • Telephonic Communication Services (AREA)
EP20886524.6A 2019-11-13 2020-11-10 Steuerungsverfahren, -vorrichtung und -system Active EP3968596B1 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201911105590.3A CN111049799B (zh) 2019-11-13 2019-11-13 控制方法、装置和系统
PCT/CN2020/127760 WO2021093722A1 (zh) 2019-11-13 2020-11-10 控制方法、装置和系统

Publications (3)

Publication Number Publication Date
EP3968596A1 true EP3968596A1 (de) 2022-03-16
EP3968596A4 EP3968596A4 (de) 2022-08-17
EP3968596B1 EP3968596B1 (de) 2026-03-25

Family

ID=70232657

Family Applications (1)

Application Number Title Priority Date Filing Date
EP20886524.6A Active EP3968596B1 (de) 2019-11-13 2020-11-10 Steuerungsverfahren, -vorrichtung und -system

Country Status (4)

Country Link
US (1) US12010105B2 (de)
EP (1) EP3968596B1 (de)
CN (1) CN111049799B (de)
WO (1) WO2021093722A1 (de)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114650182A (zh) * 2022-04-08 2022-06-21 深圳市欧瑞博科技股份有限公司 身份认证方法、系统、装置、网关设备、设备和终端

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111049799B (zh) * 2019-11-13 2022-01-21 华为终端有限公司 控制方法、装置和系统
CN112087304B (zh) * 2020-09-18 2021-08-17 湖南红普创新科技发展有限公司 可信计算环境的异构融合方法、装置及相关设备
CN114697017B (zh) * 2020-12-31 2024-01-16 华为技术有限公司 一种密钥协商的方法及其相关设备
CN115883118B (zh) * 2021-09-28 2025-09-05 华为技术有限公司 设备登录方法、电子设备及存储介质
CN116405487B (zh) * 2023-04-25 2025-10-10 成都安恒信息技术有限公司 一种基于口令的文件分享方法
US20250097018A1 (en) * 2023-09-19 2025-03-20 Apple Inc. Secure Key Exchange
CN117113311B (zh) * 2023-10-18 2024-03-01 紫光同芯微电子有限公司 用于终端设备身份验证的方法及装置、终端设备
FR3157048A1 (fr) * 2023-12-14 2025-06-20 Electricite De France Passerelle sécurisée pour gestion locale d’un ensemble hétérogène d’objets connectés

Family Cites Families (35)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP4021045B1 (de) 2014-02-05 2024-03-20 Apple Inc. Einheitliche kommunikationsprotokolle zur kommunikation zwischen steuergeräten und zubehör
US9712491B2 (en) * 2014-03-03 2017-07-18 Qualcomm Connected Experiences, Inc. Access control lists for private networks of system agnostic connected devices
US9813505B2 (en) * 2014-10-15 2017-11-07 Ayla Networks, Inc. Devices in a flexible registration framework
KR102297475B1 (ko) * 2014-10-17 2021-09-02 삼성전자주식회사 사물 인터넷을 위한 단말 및 그 동작 방법
KR20160132302A (ko) * 2015-05-09 2016-11-17 삼성전자주식회사 물리적 접근 제한을 이용한 장치들 사이의 키 공유 방법
US10009359B2 (en) * 2015-06-09 2018-06-26 Intel Corporation System, apparatus and method for transferring ownership of a device from manufacturer to user using an embedded resource
KR102125564B1 (ko) * 2015-07-29 2020-06-22 삼성전자주식회사 디바이스들 간의 통신 방법 및 그 디바이스
US9843929B2 (en) * 2015-08-21 2017-12-12 Afero, Inc. Apparatus and method for sharing WiFi security data in an internet of things (IoT) system
IL302704B1 (en) 2016-01-11 2025-12-01 Edico Genome Corp Genomic infrastructure for on-site or cloud-based dna and rna processing and analysis
CN105827691B (zh) * 2016-03-08 2019-08-13 中国联合网络通信集团有限公司 物联网设备控制方法及装置
CN108076011A (zh) * 2016-11-10 2018-05-25 中国移动通信有限公司研究院 一种可信执行环境数据迁移方法及装置
US10382203B1 (en) * 2016-11-22 2019-08-13 Amazon Technologies, Inc. Associating applications with Internet-of-things (IoT) devices using three-way handshake
US10164983B2 (en) * 2017-01-20 2018-12-25 Verizon Patent And Licensing Inc. Distributed authentication for internet-of-things resources
CN107124433B (zh) * 2017-07-04 2019-08-06 中国联合网络通信集团有限公司 物联网系统、物联网设备访问方法、访问授权方法及设备
CN107370597A (zh) * 2017-07-11 2017-11-21 深圳市雪球科技有限公司 基于物联网的安全认证方法以及安全认证系统
CN107277061B (zh) * 2017-08-08 2020-06-30 四川长虹电器股份有限公司 基于iot设备的端云安全通信方法
KR20190029280A (ko) * 2017-09-12 2019-03-20 삼성전자주식회사 트리 구조를 이용하는 무결성 검증 방법 및 장치
GB2568873B (en) * 2017-11-23 2021-09-22 Advanced Risc Mach Ltd Distributed management system for internet of things devices and methods thereof
CN109936547A (zh) * 2017-12-18 2019-06-25 阿里巴巴集团控股有限公司 身份认证方法、系统及计算设备
CN107919962B (zh) * 2017-12-22 2021-01-15 国民认证科技(北京)有限公司 一种物联网设备注册和认证方法
WO2019127397A1 (en) * 2017-12-29 2019-07-04 Intel Corporation Technologies for internet of things key management
US11190513B2 (en) * 2018-01-19 2021-11-30 Vmware, Inc. Gateway enrollment for internet of things device management
US11227590B2 (en) * 2018-03-20 2022-01-18 Voice of Things, Inc. Systems and methods to seamlessly connect internet of things (IoT) devices to multiple intelligent voice assistants
CN110324276B (zh) * 2018-03-28 2022-01-07 腾讯科技(深圳)有限公司 一种登录应用的方法、系统、终端和电子设备
US11269701B2 (en) * 2018-04-17 2022-03-08 Nippon Telegraph And Telephone Corporation Device control apparatus, device control method, and device control system
CN110392014B (zh) 2018-04-17 2022-08-05 阿里巴巴集团控股有限公司 物联网设备之间的通信方法及装置
KR102708782B1 (ko) * 2018-05-15 2024-09-24 삼성전자주식회사 허브를 통해 복수의 전자 장치를 서버에 연결시키는 방법 및 이를 수행하는 전자 장치
KR102661628B1 (ko) * 2018-09-13 2024-05-02 삼성전자주식회사 IoT 기기 제어 서비스를 제공하는 전자 장치 및 그 제어 방법
CN109714360B (zh) * 2019-01-31 2021-10-19 武汉天喻聚联网络有限公司 一种智能网关及网关通信处理方法
CN109981689B (zh) * 2019-04-29 2020-05-12 清华大学 物联网场景下跨域逻辑强隔离与安全访问控制方法及装置
US20200374149A1 (en) * 2019-05-22 2020-11-26 L & A Electronic, Corp Systems and methods for the implementation of an ai/iot hub in the control of electrical devices, electronics and appliances
CN110336788B (zh) * 2019-05-27 2021-11-30 北京折叠未来科技有限公司 一种物联网设备与移动终端的数据安全交互方法
CN119645682A (zh) * 2019-06-05 2025-03-18 万事达卡国际公司 分布式计算系统中的事件管理
CN110445774B (zh) * 2019-07-24 2022-04-22 创新先进技术有限公司 IoT设备的安全防护方法、装置及设备
CN111049799B (zh) * 2019-11-13 2022-01-21 华为终端有限公司 控制方法、装置和系统

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114650182A (zh) * 2022-04-08 2022-06-21 深圳市欧瑞博科技股份有限公司 身份认证方法、系统、装置、网关设备、设备和终端
CN114650182B (zh) * 2022-04-08 2024-02-27 深圳市欧瑞博科技股份有限公司 身份认证方法、系统、装置、网关设备、设备和终端

Also Published As

Publication number Publication date
CN111049799A (zh) 2020-04-21
EP3968596A4 (de) 2022-08-17
EP3968596B1 (de) 2026-03-25
WO2021093722A1 (zh) 2021-05-20
US12010105B2 (en) 2024-06-11
CN111049799B (zh) 2022-01-21
US20220272077A1 (en) 2022-08-25

Similar Documents

Publication Publication Date Title
EP3968596B1 (de) Steuerungsverfahren, -vorrichtung und -system
US12015599B2 (en) Devices, methods and systems to augment the security environment of internet-capable consumer devices
US10826704B2 (en) Blockchain key storage on SIM devices
US10666642B2 (en) System and method for service assisted mobile pairing of password-less computer login
CA2970310C (en) Secure storage
TWI491790B (zh) 智慧鎖具及其操作方法
US10470102B2 (en) MAC address-bound WLAN password
WO2019051776A1 (zh) 密钥的传输方法及设备
EP3668120B1 (de) Hörgerät mit wartungsmodus und zugehöriges verfahren
US10536846B1 (en) Secure optical data exchange for stand alone certificate authority device
US11516188B2 (en) Method and apparatus for operating a connected device using a secure element device
US11228428B2 (en) Mitigation of problems arising from SIM key leakage
US20170238236A1 (en) Mac address-bound wlan password
US12047494B2 (en) Protected protocol for industrial control systems that fits large organizations
CN108734015A (zh) 存储装置及其访问权限控制方法
WO2017166362A1 (zh) 一种esim号码的写入方法、安全系统、esim号码服务器及终端
EP4175219A1 (de) Verfahren zur herstellung eines sicheren kanals
CN111132148A (zh) 用于智能家电设备配置入网的方法及装置、存储介质
CN110830436B (zh) 用户登录方法与跳板机
KR102219305B1 (ko) 클라우드 환경에서 안전한 개인 자료 파일 보호 시스템
US12184621B2 (en) Method and apparatus for authenticating encrypted communication
CN105430022A (zh) 一种数据输入控制方法和终端设备
CN115589302A (zh) 用于管理物联网设备的方法、装置和计算机可读介质
WO2017165043A1 (en) Mac address-bound wlan password

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20211210

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

REG Reference to a national code

Ref country code: DE

Free format text: PREVIOUS MAIN CLASS: H04L0029060000

Ref country code: DE

Ref legal event code: R079

Ref document number: 602020069344

Country of ref document: DE

Free format text: PREVIOUS MAIN CLASS: H04L0029060000

Ipc: H04L0009400000

A4 Supplementary search report drawn up and despatched

Effective date: 20220719

RIC1 Information provided on ipc code assigned before grant

Ipc: H04L 9/08 20060101ALI20220713BHEP

Ipc: H04L 67/125 20220101ALI20220713BHEP

Ipc: H04L 9/40 20220101AFI20220713BHEP

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: GRANT OF PATENT IS INTENDED

RIC1 Information provided on ipc code assigned before grant

Ipc: H04L 9/40 20220101AFI20251110BHEP

Ipc: H04L 67/125 20220101ALI20251110BHEP

Ipc: H04L 9/08 20060101ALI20251110BHEP

Ipc: G06F 21/33 20130101ALI20251110BHEP

Ipc: G06F 21/44 20130101ALI20251110BHEP

INTG Intention to grant announced

Effective date: 20251125

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE PATENT HAS BEEN GRANTED

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

REG Reference to a national code

Ref country code: CH

Ref legal event code: F10

Free format text: ST27 STATUS EVENT CODE: U-0-0-F10-F00 (AS PROVIDED BY THE NATIONAL OFFICE)

Effective date: 20260325

Ref country code: GB

Ref legal event code: FG4D